WP Time Capsule and InfiniteWP WordPress plugins are affected by security flaws that could be exploited to take over websites running the popular CMS.
Experts at security firm WebArx have ethically disclosed vulnerabilities in WP Time Capsule and InfiniteWP plugins, both were patched earlier this month by the developer Revmakx.
The flaws in WP Time Capsule and InfiniteWP WordPress plugins could be exploited to take over websites running the popular CMS that are more than 320,000.
“we found that the InfiniteWP Client and WP Time Capsule plugins also contain logical issues in the code that allows you to login into an administrator account without a password.” reads the security advisory published by the experts.
The plugins are affected by logical issues that could allow attackers to log in as administrators without providing any password.